[ovirt-users] vdsm ssl errors

Simone Tiraboschi stirabos at redhat.com
Thu Oct 13 12:45:51 UTC 2016 

On Thu, Oct 13, 2016 at 11:23 AM, Piotr Kliczewski <pkliczew at redhat.com>
wrote:

> Gianluca,
>
> The port needs to be open on machines where vdsm is installed.
>
> @Simone can you take a look why after running host deploy at 2016-10-03
> 23:28:47,891
> we are not able to talk to vdsm anymore?
>

OK, I'm on it.


>
> Thanks,
> Piotr
>

> On Thu, Oct 13, 2016 at 11:15 AM, Gianluca Cecchi <
> gianluca.cecchi at gmail.com> wrote:
>
>>
>>
>> On Thu, Oct 13, 2016 at 11:13 AM, Gianluca Cecchi <
>> gianluca.cecchi at gmail.com> wrote:
>>
>>> Il 13/Ott/2016 11:00, "Piotr Kliczewski" <pkliczew at redhat.com> ha
>>> scritto:
>>> >
>>> > Gianluca,
>>> >
>>> > Checking the log it seems that we do not configure firewall:
>>> >
>>> > NETWORK/firewalldEnable=bool:'False'
>>> > NETWORK/iptablesEnable=bool:'False'
>>> >
>>> > Please make sure that you reconfigure your firewall to open 54321 port
>>> or let host deploy to do it for you.
>>> >
>>> > Thanks,
>>> > Piotr
>>>
>>> Hi,
>>> at this moment Ihave:
>>> On hypervisor iptables service configured and active.
>>> On engine firewalld service configured and active.
>>> Do I have to open port 54321 on host?
>>>
>> Actually it is already...
>>
>> root at ovirt01 ~]# iptables -L -n
>> Chain INPUT (policy ACCEPT)
>> target     prot opt source               destination
>> ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
>> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53
>> ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:67
>> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:67
>> ACCEPT     all  --  192.168.1.212        0.0.0.0/0
>> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state
>> RELATED,ESTABLISHED
>> ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
>> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
>> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp
>> dpt:54321
>> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:111
>> ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:111
>> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
>> ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:161
>> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp
>> dpt:16514
>> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            multiport
>> dports 2223
>> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            multiport
>> dports 5900:6923
>> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            multiport
>> dports 49152:49216
>> REJECT     all  --  0.0.0.0/0            0.0.0.0/0
>> reject-with icmp-host-prohibited
>>
>> Chain FORWARD (policy ACCEPT)
>> target     prot opt source               destination
>> ACCEPT     all  --  0.0.0.0/0            192.168.122.0/24     ctstate
>> RELATED,ESTABLISHED
>> ACCEPT     all  --  192.168.122.0/24     0.0.0.0/0
>> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
>> REJECT     all  --  0.0.0.0/0            0.0.0.0/0
>> reject-with icmp-port-unreachable
>> REJECT     all  --  0.0.0.0/0            0.0.0.0/0
>> reject-with icmp-port-unreachable
>> REJECT     all  --  0.0.0.0/0            0.0.0.0/0            PHYSDEV
>> match ! --physdev-is-bridged reject-with icmp-host-prohibited
>>
>> Chain OUTPUT (policy ACCEPT)
>> target     prot opt source               destination
>> ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:68
>> [root at ovirt01 ~]#
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20161013/938dd1ea/attachment-0001.html>

More information about the Users mailing list